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Period for Reply 

A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH (S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

• Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If the period for reply specified above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days will be considered timely. 

- If NO period for reply is specified above, the maximum statutory period will appty and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 1 33). 

- Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1 .704(b). 

Status 

Responsive to communication(s) filed on 25 February 2003 . 
2a)M This action is FINAL. 2b)D This action is non-final. 

3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1935 CD. 11, 453 O.G. 213. 
Disposition of Claims 

4) ^ Claim(s) 19 and 21-35 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) D Claim(s) is/are allowed. 

6) [3 Claim(s) 19 and 21-35 is/are rejected. 
?)□ Claim(s) is/are objected to. 

8) \3 Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) D The specification is objected to by the Examiner. 

10) ^ The drawing(s) filed on 25 September 1997 is/are: a)S accepted or *>)□ objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a). 

1 1) D The proposed drawing correction filed on is: a)D approved b)Q disapproved by the Examiner. 

If approved, corrected drawings are required in reply to this Office action. 

12) D The oath or declaration is objected to by the Examiner. 
Priority under 35 U.S.C. §§119 and 120 

13) D Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 1 19(a)-(d) or (f). 

a)DAII b)D Some*c)D None of: 

1 .□ Certified copies of the priority documents have been received. 

2. D Certified copies of the priority documents have been received in Application No. . 

3. Q Copies of the certified copies of the priority documents have been received in this National Stage 

application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 

14) D Acknowledgment is made of a claim for domestic priority under 35 U.S.C. § 1 19(e) (to a provisional application). 

a) □ The translation of the foreign language provisional application has been received. 

15) D Acknowledgment is made of a claim for domestic priority under 35 U.S.C. §§ 120 and/or 121 . 

Attachment s) 

1 ) ^ Notice of References Cited (PTO-892) 4) □ Interview Summary (PTO-41 3) Paper No(s). . 

2) Notice of Draftsperson's Patent Drawing Review (PTO-948) 5) (Zl Notice of Informal Patent Application (PTO-152) 

3) O Information Disclosure Statement(s) (PTO-1449) Paper No(s) . 6) O Other: 
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DETAILED ACTION 

1 . This action is in response to paper number 3 1, Amendment/Response, filed on 2/25/03. 
Arguments were considered but were not found to be persuasive. 

2. Claims 19 and 21-35 are pending in the application. 

Claim Rejections - 35 USC § 102 
The following is a quotation of the appropriate paragraphs of 35 U.S.C 102 that form the 
basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(b) the invention was patented or described in a printed publication in this or a foreign country or in public use or on 
sale in this country, more than one year prior to the date of application for patent in the United States. 

3. Claim 19 is rejected under 35 U.S.C 102(b) as being unpatentable over Jablon et al. 
(hereinafter Jablon) (US 5,421,006). 

Referring to claim 19, Jablon teaches an apparatus for ensuring the integrity of an 
application executed on a computer (see Title) having data storage arranged sectorwise (i.e., 
"disk"), comprising: 

- apparatus for learning about the normal behavior of said application to said data storage 
arranged sectorwise by monitoring accesses of said application to elements of said data 
storage during a limited period ("device "assessing the integrity", "prevents execution 
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of corrupted programs at time of system initialization ", "programs and data", see 
Abstract It is inherent that data storage is arranged sectorwise in memory,), 
- an enforcement device, operative after said period is over, for identifying and preventing 
said application from accessing elements of data storage that do not correspond with the 
normal behavior of said application ("verify the integrity", "sets a hardware latch to 
protect the codes in the non-volatile memory from being overwritten by subsequent 
untrusted programs ", "Damage ", "virus and Trojan horse attacks is prevented", see 
Abstract and "if an integrity violation is detected, the second program is not run ", 
"closes the latch to prevent verification data in the non-volatile memory from being 
modified by subsequent programs", col 8, lines 39-59 and col 10, lines 46-52), 

Claim Rejections - 35 USC §103 
The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

4. Claims 21-34 are rejected under 35 U.S.C. 103(a) as being unpatentable over Jablon et al. 
(hereinafter Jablon) (US 5,421,006). 



Referring to claim 21, Jablon teaches an apparatus wherein said enforcement device is 
operative to prompt a user to give specific permission, upon occurrence of an attempt of the 
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program to access files not accessed during said learning period. Jablon discloses that the user is 
warned if there is a problem with data integrity (col 8, line 52). The user gives authentication 
data, such as a password to login. Permission is granted when successful login occurs. User 
login is necessary to close the latch to protect data from being modified or read by any 
subsequent program (col 9, lines 48-54, and col 20, lines 32-40). Jablon fails to explicitly teach 
that the verification data for each program is stored in a file and that file is accessed for 
verification. However, "Official Notice" is taken that both the concept and advantages of 
providing that data can be stored in a file is well known and expected in the art. It would have 
been obvious to one of ordinary skill in the art at the time the invention was made to include a 
file that contained the verification data of each program to the existing system of Jablon for the 
reason of increasing organization of the program by keeping the verification information for a 
particular program in one area. It makes it simpler for the respective program to access the 
information. 

Referring to claim 23, Jablon teaches an apparatus wherein said enforcement device is 
based at least partly on instances of specific permission being given by the user to the program to 
access certain files, wherein the enforcement device treats attempts of the program to access files 
to which the user permitted access during said learning period more leniently than attempts of 
the program to access files to which the user did not permit access during said learning period. It 
is rejected for the same reasons as stated in the rejection of claim 21. There is definitely more 
leniency to access files with user permission (successful username/password login). There is no 
leniency without permission. 
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Referring to claims 22 and 24, Jablon teaches an apparatus for ensuring the integrity of a 
computer application to be run in association with a computer having data storage arranged 
sectorwise (i.e. "disk) in a storage device, comprising: 

- apparatus for assigning a general enforcement file to each new program; 

- apparatus for learning about the program by monitoring the program of said data storage, 
by monitoring the program's attempts to make file accesses during a learning period; 

- an enforcement device operative, after said learning period is over, to treat attempts of the 
program to access files accessed during said learning period more leniently than attempts 
of the program to access files not accessed during said learning period; said enforcement 
device is based at least on instances of specific permission being given by the user to said 
application to access locations of said data storage, wherein said enforcement device 
treats attempts of said application to access locations of said data storage to which the 
user has permitted to access during said learning period more leniently than attempts of 
the program to access files to which the user did not permit access during said learning 
period. 

Jablon teaches that the integrity of each program must be verified before the latch mechanism 
opens the latch and the memory is readable and writable (col 8, lines 39-59). The "learning 
period" occurs at this time. Jablon fails to explicitly teach that the verification data for each 
program is stored in a file. However, "Official Notice" is taken that both the concept and 
advantages of providing that data can be stored in a file is well known and expected in the art. It 
would have been obvious to one of ordinary skill in the art at the time the invention was made to 
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include a file that contained the verification data of each program to the existing system of 
Jablon for the reason of increasing organization of the program by keeping the verification 
information for a particular program in one area. It makes it simpler for the respective program 
to access the information. 

Referring to claim 25, it is rejected for the same reasons as stated in the rejection of claim 

24. 

Referring to claim 26-28, Jablon teaches a method further comprising enabling the user 
of said first application to determine said normal behavior during said learning period. The user 
determines the normal behavior through the integrity verification process (col 8, lines 39-59). 

Referring to claim 29-34, Jablon teaches a method further comprising detecting attempts 
of a daughter or second application of said first application to access elements of data storage 
that do not correspond to said normal behavior as determined by said enforcement file and 
inhibiting said accesses, thereby preventing the damage thereupon. It is rejected for the same 
reasons as stated in the rejection of claims 22 and 24. In addition, Jablon discloses that the 
system loads a second program only after the first program passes the verification of data 
integrity (col 8 t lines 39-59). 



ARGUMENTS 
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5. Applicant argues on page 7, #1 that Jablon doesn't use a learning process, i.e., a process 
on which the normal access behavior of the application is characterized. In response, Examiner 
respectfully disagrees. Jablon teaches uses integrity (see Abstract) to identify normal behavior. 

6. Applicant argues on page 7, #2 that in the present invention the target program is never 
examined in relation to verification data. In response, Applicant does not mention in the 
specification or claims that verification data with respect to the target program cannot be used. 
Jablon teaches the claimed invention in addition to a relationship between the program and 
verifying data. 

7. Applicant argues on page 7, #3 that Jablon doesn't examine the behavior of the program, 
but the content of the program's file(s). Thus, while Jablon examines if the program was 
changed, the present invention examines its behavior. The present invention does not deal with 
indicating if a program was altered, but with indicating if the program's behavior is unexpected 
over what is considered as normal. In response, Examiner respectfully disagrees. As stated by 
the Applicant, Jablon indicates behavior such as if a program was altered or changed from what 
was normal or initial. 

8. In response to applicants argument (page 7, #4) that the references fail to show certain 
features of applicant's invention, it is noted that the features upon which applicant relies (i.e., 
"the present invention examines its consequences during its execution", "the present invention 
prevents the damage thereof, not its execution") are not recited in the rejected claim(s). 
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Although the claims are interpreted in light of the specification, limitations from the specification 
are not read into the claims. See In re Van Geuns, 988 F.2d 1181, 26 USPQ2d 1057 (Fed. Cir. 
1993). 

9. Applicant argues on page 7, #5 that the present invention makes use only of software 
methods, not hardware methods. In response, Jablon also teaches the use of software methods 
(see title). 



Conclusion 

THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within TWO 
MONTHS of the mailing date of this final action and the advisory action is not mailed until after 
the end of the THREE-MONTH shortened statutory period, then the shortened statutory period 
will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 
CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, 
however, will the statutory period for reply expire later than SIX MONTHS from the mailing 
date of this final action. 
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Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Kenneth Tang whose telephone number is (703) 305-5334. The 
examiner can normally be reached on 9:00am-6:30pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, John Follansbee can be reached on (703)305-8498. The fax phone numbers for the 
organization where this application or proceeding is assigned are (703) 746-7239 for regular 
communications and (703) 746-7238 for After Final communications. 

Any inquiry of a general nature or relating to the status of this application or proceeding 
should be directed to the receptionist whose telephone number is none. 



kt 

May 7, 2003 




